meta: style
This commit is contained in:
parent
bd85de1d4f
commit
a4df66cba2
11 changed files with 11 additions and 13 deletions
|
@ -87,7 +87,7 @@
|
||||||
|
|
||||||
hydraJobs = {
|
hydraJobs = {
|
||||||
systems = lib.mapAttrs (_: x: x.config.system.build.toplevel) self.nixosConfigurations;
|
systems = lib.mapAttrs (_: x: x.config.system.build.toplevel) self.nixosConfigurations;
|
||||||
packages = self.packages;
|
inherit (self) packages;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
{ ... }:
|
|
||||||
{
|
{
|
||||||
services.redis = {
|
services.redis = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -19,7 +19,7 @@ in
|
||||||
group = "hydra";
|
group = "hydra";
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
};
|
};
|
||||||
} // lib.mapAttrs' (k: v: lib.nameValuePair "hydra-database-credentials-for-${k}" v)
|
} // lib.mapAttrs' (k: lib.nameValuePair "hydra-database-credentials-for-${k}")
|
||||||
(lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ]
|
(lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ]
|
||||||
(x:
|
(x:
|
||||||
{
|
{
|
||||||
|
|
|
@ -6,8 +6,7 @@ let
|
||||||
back = tools.identity.ldap.server.hostname;
|
back = tools.identity.ldap.server.hostname;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts."${front}" = let
|
services.nginx.virtualHosts."${front}" = basic // {
|
||||||
in basic // {
|
|
||||||
locations."= /".return = "302 /ipa/ui/";
|
locations."= /".return = "302 /ipa/ui/";
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
# HACK: not using proxy_pass here to prevent inclusion of recommended headers
|
# HACK: not using proxy_pass here to prevent inclusion of recommended headers
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
hydra-unstable = patched.hydra;
|
hydra-unstable = patched.hydra;
|
||||||
|
|
||||||
sssd = patched.sssd;
|
inherit (patched) sssd;
|
||||||
|
|
||||||
} // lib.optionalAttrs config.krb5.enable {
|
} // lib.optionalAttrs config.krb5.enable {
|
||||||
bind = patched.kerberized-bind;
|
bind = patched.kerberized-bind;
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
{
|
{
|
||||||
security.sudo.extraRules = [
|
security.sudo.extraRules = [
|
||||||
({
|
{
|
||||||
users = [ "deploy" ];
|
users = [ "deploy" ];
|
||||||
commands = [
|
commands = [
|
||||||
"NOPASSWD: /nix/store/*-activate-rs/activate-rs"
|
"NOPASSWD: /nix/store/*-activate-rs/activate-rs"
|
||||||
"NOPASSWD: /run/current-system/sw/bin/rm /tmp/deploy-rs-canary-*"
|
"NOPASSWD: /run/current-system/sw/bin/rm /tmp/deploy-rs-canary-*"
|
||||||
];
|
];
|
||||||
runAs = "root";
|
runAs = "root";
|
||||||
})
|
}
|
||||||
];
|
];
|
||||||
nix.trustedUsers = [ "deploy" ];
|
nix.trustedUsers = [ "deploy" ];
|
||||||
users.users.deploy = {
|
users.users.deploy = {
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
group = "hydra";
|
group = "hydra";
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
};
|
};
|
||||||
} // lib.mapAttrs' (k: v: lib.nameValuePair "hydra-database-credentials-for-${k}" v)
|
} // lib.mapAttrs' (k: lib.nameValuePair "hydra-database-credentials-for-${k}")
|
||||||
(lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ]
|
(lib.genAttrs [ "hydra-queue-runner" "hydra-www" "hydra" ]
|
||||||
(x:
|
(x:
|
||||||
{
|
{
|
||||||
|
|
|
@ -23,7 +23,7 @@ let
|
||||||
discoverKey = config.age.secrets.hyprspace-discover-key.path;
|
discoverKey = config.age.secrets.hyprspace-discover-key.path;
|
||||||
runConfig = "/run/hyprspace.yml";
|
runConfig = "/run/hyprspace.yml";
|
||||||
in {
|
in {
|
||||||
networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair (v.hypr.addr) ([k "${k}.hypr"])) hyprspaceCapableNodes;
|
networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair v.hypr.addr [k "${k}.hypr"]) hyprspaceCapableNodes;
|
||||||
age.secrets.hyprspace-key = {
|
age.secrets.hyprspace-key = {
|
||||||
file = ../../secrets/hyprspace-key- + "${hostName}.age";
|
file = ../../secrets/hyprspace-key- + "${hostName}.age";
|
||||||
mode = "0400";
|
mode = "0400";
|
||||||
|
|
|
@ -10,7 +10,7 @@ let
|
||||||
# apply some extra transformations for INI generation
|
# apply some extra transformations for INI generation
|
||||||
# 2 layers deep because the attrset for the INI generator does it
|
# 2 layers deep because the attrset for the INI generator does it
|
||||||
iniFilter = builtins.mapAttrs iniFilter';
|
iniFilter = builtins.mapAttrs iniFilter';
|
||||||
iniFilter' = k: v: builtins.mapAttrs iniFilter'' v;
|
iniFilter' = k: builtins.mapAttrs iniFilter'';
|
||||||
iniFilter'' = k: v:
|
iniFilter'' = k: v:
|
||||||
if builtins.isList v then builtins.concatStringsSep ", " v
|
if builtins.isList v then builtins.concatStringsSep ", " v
|
||||||
else if builtins.isBool v then (if v then "True" else "False")
|
else if builtins.isBool v then (if v then "True" else "False")
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
let tools = import ./lib/tools.nix;
|
let tools = import ./lib/tools.nix;
|
||||||
in with tools;
|
in with tools;
|
||||||
{ inputs, pkgs, ... }: rec {
|
{ inputs, pkgs, ... }: rec {
|
||||||
deploy-rs = inputs.deploy-rs.packages.${pkgs.system}.deploy-rs;
|
inherit (inputs.deploy-rs.packages.${pkgs.system}) deploy-rs;
|
||||||
|
|
||||||
nix-super = inputs.nix-super.defaultPackage.${pkgs.system};
|
nix-super = inputs.nix-super.defaultPackage.${pkgs.system};
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ let
|
||||||
|
|
||||||
mappers = {
|
mappers = {
|
||||||
|
|
||||||
mapSubdomains = with lib; mapAttrs' (k: v: nameValuePair "${k}.${domain}" v);
|
mapSubdomains = with lib; mapAttrs' (k: nameValuePair "${k}.${domain}");
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue